Trojaner-Board - Malware / Trojaner der mit TrendMicro nicht eliminiert werden kann

Hallo,

ich brauche Eure Hilfe:
Irgendwo muss ich mir 'nen Übeltäter eingefangen haben. Ständig öffnen sich neue Websites, die TrendMicro aber als gefährlich erkennt und sperrt. Mit Ad-Aware habe ich auch schon 3-4 verdächtige Dateien entfernen können. Nur leider am nächsten Tag das selbe Prob. Mittlerweile verzögern sich auch gelegentlich Programmstarts. Hier nun mein HJ-Logfile, verbunden mit der Hoffnung, dass mir jemand behilflich sein kann:
Code:
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:49:33, on 15.01.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

D:\Programme\Internet Security 2008\BM\TMBMSRV.exe

D:\Programme\FRITZ!DSL\IGDCTRL.EXE

D:\Programme\FolderSize\FolderSizeSvc.exe

D:\Programme\Norton SystemWorks\Norton Ghost\GhostStartService.exe

C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

D:\Programme\Norton Ghost\Agent\VProSvc.exe

D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\PnkBstrA.exe

D:\Programme\Internet Security 2008\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

D:\Programme\Internet Security 2008\Internet Security\TmPfw.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\Microsoft IntelliPoint\ipoint.exe

C:\Programme\FreePDF_XP\fpassist.exe

D:\Programme\Internet Security 2008\Internet Security\UfSeAgnt.exe

C:\Programme\Microsoft IntelliPoint\dpupdchk.exe

D:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\dllhost.exe

D:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe

D:\Programme\Internet Security 2008\Internet Security\TmProxy.exe

D:\Programme\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

D:\Downloads\HiJackThis\HiJackThis.exe

D:\Downloads\HiJackThis\HiJackThis.exe

D:\Downloads\HiJackThis\HiJackThis.exe

D:\Downloads\HiJackThis\HiJackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.1und1.de/links/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://sedoparking.com/domparking.php?id=827484&q=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von 1&1 Internet AG

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O3 - Toolbar: (no name) - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - (no file)

O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe

O4 - HKLM\..\Run: [UfSeAgnt.exe] "D:\Programme\Internet Security 2008\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [StartCCC] "D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: Download with GetRight - D:\Programme\GetRight\GRdownload.htm

O8 - Extra context menu item: Easy-WebPrint - Drucken - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://D:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Open with &ZipScan - D:\PROGRA~1\ZIPSCA~1\ZipScan\zs_ie.htm

O8 - Extra context menu item: Open with GetRight Browser - D:\Programme\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (file missing)

O18 - Protocol: haufereader - (no CLSID) - (no file)

O20 - AppInit_DLLs: vaoxkb.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVM IGD CTRL Service - AVM Berlin - D:\Programme\FRITZ!DSL\IGDCTRL.EXE

O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe

O23 - Service: Folder Size (FolderSize) - Brio - D:\Programme\FolderSize\FolderSizeSvc.exe

O23 - Service: GhostStartService - Symantec Corporation - D:\Programme\Norton SystemWorks\Norton Ghost\GhostStartService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Unknown owner - D:\Programme\Ahead\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Ghost - Symantec Corporation - D:\Programme\Norton Ghost\Agent\VProSvc.exe

O23 - Service: NTBOOTMGR (NTBOOT) - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntuser.exe (file missing)

O23 - Service: NTLOAD - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

O23 - Service: NTSVCMGR - Unknown owner - C:\WINDOWS\SYSTEM\DRIVER\ntsrv.exe (file missing)

O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Programme\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - D:\Programme\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - D:\Programme\Internet Security 2008\Internet Security\SfCtlCom.exe

O23 - Service: SymSnapService - Symantec - D:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - D:\Programme\Internet Security 2008\BM\TMBMSRV.exe
 

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - D:\Programme\Internet Security 2008\Internet Security\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - D:\Programme\Internet Security 2008\Internet Security\TmProxy.exe

O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
 

--

End of file - 8495 bytes